As soon as a CISO joins the company, they carry out an assessment to understand which problems are the most relevant.
In summary, the first actions a CISO will undertake in the company are:
- Initial assessment
- Create an action plan and a long-term strategy
- Implement the necessary policies
- Manage compliance issues (e.g. GDPR)
- Manage information classification
- Oversee asset management
- Manage access rights to assets and information
- Manage perimeter protections as well as Wi-Fi networks
- Prevent attacks, perform hardening, patch and vulnerability management activities
- Manage digital identities
- Manage incidents
- Manage staff training
- Report directly to top management